Windows, security, etc. » Ethical hacking http://petrunic.com/blog Blog about windows, security, ethical hacking etc. Tue, 18 May 2010 11:02:45 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Malicious PDF document on the rise http://petrunic.com/blog/2010/04/07/malicious-pdf-document-on-the-rise/ http://petrunic.com/blog/2010/04/07/malicious-pdf-document-on-the-rise/#comments Wed, 07 Apr 2010 07:41:42 +0000 Robert Petrunic http://petrunic.com/blog/?p=164 As all of you probably know, all software has bugs and have to be updated regulary. But, what if you could exploit a software using allowed functions just the way they are supposed to work? This is something that happened to PDF readers (Adobe, Foxit) few days ago.

Didier Stevens proved this concept. Read more on his blog:

]]> http://petrunic.com/blog/2010/04/07/malicious-pdf-document-on-the-rise/feed/ 0 Vulnerability in TLS/SSL Could Allow Spoofing http://petrunic.com/blog/2010/02/10/vulnerability-in-tlsssl-could-allow-spoofing/ http://petrunic.com/blog/2010/02/10/vulnerability-in-tlsssl-could-allow-spoofing/#comments Wed, 10 Feb 2010 15:24:37 +0000 Robert Petrunic http://petrunic.com/blog/?p=118 After a few months of initial public demonstration of SSL renegotiation vulnerability, there was no widely used exploit/attack.  Unfortunately, there is (was) only a matter of time when something like this will happen. Reading Microsoft security advisory 977377, one can speculate that this will happen soon. Since this is not only Microsoft “problem” (SSL and TLS are used in other OS-es), other companies are working to find a solution to. 
Microsoft has offered a workaround (disabling SSL/TLS  renegotiation) for IIS servers.If you are interested, please read KB  article 977377 . Be aware that after you apply this workaround some application will not work as expected (more on this in KB article).

]]> http://petrunic.com/blog/2010/02/10/vulnerability-in-tlsssl-could-allow-spoofing/feed/ 0